mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
253 lines
8.0 KiB
JSON
253 lines
8.0 KiB
JSON
{
|
|
"id": "CVE-2010-1539",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2010-04-26T19:30:00.597",
|
|
"lastModified": "2024-11-21T01:14:39.493",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Workflow 5.x-2.x en versiones anteriores a la 5.x-2.6 y 6.x-1.x en versiones anteriores a la 6.x-1.4 para Drupal, cuando se usa con el m\u00f3dulo Token, puede permitir a atacantes remotos autenticados inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de un campo \"Comment\" determinado."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
|
|
"baseScore": 2.1,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "HIGH",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CFCD73E7-AF32-4D65-ADAB-C38A296F75FB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F3A0CCFC-92B9-48B2-9205-4C3FCD76E5C9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9493361F-1EEC-44A7-98B9-C5C3384C202F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CBE717B5-ED74-4AE7-B5DD-B60FC48AAC47"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B4D7D66A-3828-44CB-A38E-5052910A8588"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A0F72183-AEB6-4EA6-9473-060055C0B5EC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.x:dev:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FFB1B349-52A8-46A1-AA9C-A018974661BF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4831A82E-216B-40B6-BB69-251CBF6475F4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:beta1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DAA18565-79DB-493A-981C-65E9E5A89740"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:beta2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "98FF3925-2D03-4E54-9596-5BDA6E807910"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "66428E92-396C-435E-907C-CB44A7D49258"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:rc3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D458714A-FD4A-4C89-ADF8-9A003749993C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:rc4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F93D053C-052C-402A-9DED-3BA81AF34053"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "79FAA734-2CE6-4BC8-9A66-3A279F151658"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1F1FA8BA-4393-4451-BD0C-BDDA08728BEA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "162714F2-C953-48CE-9B65-67EEC3FE85EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6961C5A3-BB6E-4A1A-A777-AE20AAB0879E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.x-dev:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "352CD782-FB9C-4EC7-B99B-BF4E1063CFAD"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://drupal.org/node/731624",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://drupal.org/node/731644",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://drupal.org/node/731648",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/38825",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/38520",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56638",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://drupal.org/node/731624",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://drupal.org/node/731644",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://drupal.org/node/731648",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/38825",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/38520",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56638",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |